Wednesday, June 25, 2008

New guidance from IT Governance Institute offers holistic approach to information security governance

To help information security professionals who are facing growing pressure to cut costs, reduce IT-related risks, and comply with new and existing laws and regulations, the IT Governance Institute (ITGI) has released new guidance featuring a holistic approach to information security governance.

Developed and reviewed by a team of international information security experts, Information Security Governance: Guidance for Information Security Managers outlines key security tasks for the following areas:

1. Strategic alignment—Cost-effectiveness of the security program, tied to how well the organization’s objectives are supported
2. Risk management—The ultimate objective of all information security activities and organizational assurance efforts
3. Value delivery—A function of the strategic alignment of security strategy and business objectives
4. Performance measurement—Measuring, monitoring and reporting on information security processes
5. Resource management—Processes to plan, allocate and control information security resources, including people, processes and technologies for improving the efficiency and effectiveness of business solutions
6. Process assurance—Integration of disparate assurance functions to ensure that processes operate as intended from end to end, minimizing hidden risks

For each key task, the publication provides indicators that the tasks are being performed correctly. It also includes actions that boards and executive management can take to ensure effective governance over information security.

“As with any other business-critical activity, information security program activities must be thoroughly planned, effectively executed and constantly monitored at the highest levels of the organization,” said Krag Brotby, CISM, member of the ISACA CISM Test Enhancement Committee and author of the ITGI publication. “Failure to do so can cause significant financial losses or reputational damage—as many companies have learned the hard way. Information security is truly one of those areas in which preparation is infinitely more valuable than remediation.”

Information Security Governance: Guidance for Information Security Managers is available from the ISACA Bookstore at www.isaca.org/bookstore.
It is a companion publication to Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition.

The IT Governance Institute is a nonprofit, independent research entity that provides guidance for the global business community on issues related to the governance of IT assets. ITGI was established by the nonprofit membership association ISACA in 1998 to help ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly managed, and IT performance is measured. ITGI developed Control Objectives for Information and related Technology (COBIT) and Val IT, and offers original research and case studies to help enterprise leaders and boards of directors fulfill their IT governance responsibilities and help IT professionals deliver value-adding services.

Article from Public Sector Technology Net